On 14.08.2019 at 12:09, Reinis Rozitis wrote:
> It's questionable that a misconfigured environment is a "security" risk 
> caused by language rather than ignorance of the administrator. 

This is not about a misconfigured environment. This is about accidental usage of 
a *language* feature, which *by design* can lead to code leaks (so an
application bug, not a misconfigured environment). Clearly not a language problem 
that it has a dedicated feature to shoot yourself in the foot...

> On that matter you could ask why are all the exec/passthru/proc_open etc 
> functions/features are allowed by default while every other guide on
> hardening web suggests those to be disabled (added to disable_functions)?

These methods have their purpose (pretty important BTW), short open tags is 
just a "don't use it!!!" feature.


Regards,
Robert Korulczyk

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
